IN THE CLAIMS : 

Please CANCEL claims 2, 8-1 1, 13, and 17-20 without prejudice or disclaimer; 
Please AMEND claims 1, 3-7, 12, and 14-16; and 
Please ADD new claims 21-23 as follows: 

1 . (Currently Amended) A method, comprising: 
authenticating a mobile node by an access router; 

authorizing the mobile node to participate in a candidate access router discovery 
procedure; 

maintaining, by the cach of a plurality of access routers within a mobile internet 
protocol environment, a cache of neighboring access routers as handover candidates, 
capabilities of the neighboring access routers, and thek^associated access points of the 
neighboring access routers, wherein access routers are considered neighbors only if the 
access routers comprise access points with overlapping coverage areas ; and 

populating theeaeh cache with a_cache entry entries in response to a handover 
actions of the initiated by mobile nodes, wherein the cache entry concerns a neighboring 
access router, the capabilities of the neighboring access router, and an associated access 
point from which the mobile node is handed over, 

wherein theeaeh cache entry is tagged with authentication information an id e ntity 
of the an action initiating mobile node, which identity i s based on information that is 
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verifiable by the access routers and which cannot bo modified arbitrarily by the mobile 
node, and 

wherein a total number of cache entries that can be tagged and thus introduced into 
the a cache by the any given mobile node is limited. 

2. (Cancelled) 

3. (Currently Amended) The method according to claim 1, wherein the 
identity of the mobile node is authenticated by using at least one of an international 
mobile subscriber identity for cellular communication systems^ and a network access 
identifier for systems based on internet protocol. 

4. (Currently Amended) The method according to claim 1, wh e rein an action 
initiated by a mobile node comprises a handover procedure of the mobile node between a 
previous access router and a new access router, said method further comprising: 

generating a token by the previous acc e ss router; 

s ending the token from the previous access router to the mobile node within a 
mes s age comprising a list of candidate acce ss routers; 

receiving a sending th e token within a message specific to the a candidate access 
router discovery procedure from the mobile node byte the-fiew access router as a selected 
handover candidate after athe handover procedure of the mobile node between a previous 
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access router and the access router, wherein the token is generated by the previous access 
router and is sent from the previous access router to the mobile node within a message 
comprising a list of candidate access routers ; and 

sending the token within a neighbor exchange between the access routers re s ulting 
in cache entries being created or refreshed from the second access router back to the 
previousfe st access router for verification , wherein the access routers are configured to 
one of create and refresh cache entries concerning the respective other access router, the 
capabilities of the respective other access router, and the associated access point of the 
respective other access router . 

5. (Currently Amended) The method according to claim 4, 

wherein the token is generated by maintaining by the previous access router a 
short list of random values used as keys to hash the identity of the mobile node, 

wherein each key in the short list is associated with an integer index that is passed 
along with the token, and 

wherein upon receiving the token for verification, the previous access router uses 
the integer index to lookup the associated key, hash the identity of the mobile node sent 
in the neighbor exchange^ and compares the hash to the token. 

6. (Currently Amended) The method according to claim 5, wherein with 
progressing time new keys are generated and added to the head of the list while old keys 
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are expired and removed so that from the length of the list and the frequency of the 
generated new k eys, the total amount of time the a mobile node has been attached is 
determined. 

7. (Currently Amended) A system, comprising: 

a plurality of access routers within a mobile internet protocol environment, each of 
the access routers configured to authenticate a mobile node, to authorize the mobile node 
to participate in a candidate access router discovery procedure, and to maintain a cache of 
neighboring access routers as handover candidates , capabilities of the neighboring access 
routers, and thei^associated access points of the neighboring access r outers, wherein the 
access routers are considered neighbors only if the access routers comprise ac cess points 
with overlapping coverage areas ; and 

a plurality of mobile nodes , each of the mobile nodes configured to perform a 
handover which are capable of populating the cache s in response to actions between the 
access routers initiat e d , 

wherein the cache is configured to be populated with a such that each cache entry 
in response to the handover action of the mobile node, wherein the cache entry concerns a 
neighboring access router, the capabilities of the neighboring access router, and an 
associated access point from which the mobile node is handed over, and wherein the 
cache is further configured tot s tagged the cache entry with authentication informationa n 
identity of the handover action performing initiating mobile node -having thus cr e ated the 
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entry, and to limitt hat a total number of entries that can be tagged and thus introduced 
into the cache by any given mobile node is limited . 

8-11. (Cancelled) 

12. (Currently Amended) An apparatus, comprising: 
a first controller configured to authenticate a mobile node; 

a second controller configured to authorize the mobile node to participate in a 
candidate access router discovery procedure; and 

a cache of neighboring access routers as handover candidates , capabilities of the 
neighboring access routers, and their-associated access points of the neighboring access 
routers , wherein access routers are considered neighbors only if the access routers 
comprise access points with overlapping coverage areas; 

wherein the cache is configured to be populated with such that each a cache entry 
in response to a handover action of the mobile node, wherein the cache entry concerns a 
neighboring access router, the capabilities of the neighboring access router, and an 
associated access point from which the mobile node is handed over, and wherein the 
cache is further configured to is tagge d the cache entry with authentication informationa l* 
identity of the handover action performinga mobile node having initiated the entry 
creation , and to limit a that the total number of entries that can be tagged and thus 
introduced into the cache by any given mobile node is limited . 
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13. (Cancelled) 

14. (Currently Amended) The apparatus according to claim 12, further 
comprising: 

a generator configured to g e nerate a token, 

a first transmitter configured to send the token to a mobile node within a message 
comprising a list of candidate access routers, 

a receiver configured to receive a token within a message specific to the candidate 
access router discovery procedure from the mobile node after a handover procedure of 
the mobile node between a previous access router and the access router, wherein the 
previous access router is configured to generate the token and to send the token to the 
mobile node within a message comprising a list of candidate access routers; and 

a seeeftd-transmitter configured to send the token within a neighbor exchange with 
the previous aftethef access route r for verification, wherein a cache entry concerning the 
previous access router, the capabilities of the previous access router, and the associated 
access point of the previous access router is one o f re s ulting in cache entries being 
created ander refreshed, and wherein the previous access router comprises a verifier 
configured to verify the token. 

a verifier configured to verify th e token. 
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15. (Currently Amended) The apparatus according to claim 14, 

wherein the previous access router g erierator comprises a first hashing unit 
configured to hash the identity of the mobile node by using random values out of a short 
list as keys, and an associating unit configured to associate each key in the list with an 
integer index, and 

wherein the verifier comprises a lookup table for-the integer indices and their 
associated keys, a second hashing unit configured to hash the identity of the mobile node 
and a comparing unit configured to compare the hash to the token. 

16. (Currently Amended) The apparatus according to claim 15, wherein the 
previous access router g enerator is configured to generate new keys with progressing 
time, to add the new keys m to the head of the list, and to remove old keys. 

17-20. (Cancelled) 

21. (New) The apparatus according to claim 16, further comprising: 

a determiner configured to determine a total amount of time a mobile node has 
been attached from the length of the list and the frequency of the generated new keys. 

22. (New) A computer program, embodied on a computer readable medium, for 
controlling a processor to implement a method, the method comprising: 
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authenticating a mobile node by an access router; 

authorizing the mobile node to participate in a candidate access router discover 
procedure; 

maintaining, by the access router within a mobile internet protocol environment, a 
cache of neighboring access routers as handover candidates, capabilities of the 
neighboring access routers, and associated access points of the neighboring access 
routers, wherein access routers are considered neighbors only if the access routers 
comprise access points with overlapping coverage areas; and 

populating the cache with a cache entry in response to a handover action of the 
mobile node, wherein the cache entry concerns a neighboring access router, the 
capabilities of the neighboring access router, and an associated access point from which 
the mobile node is handed over, wherein the cache entry is tagged with authentication 
information of the mobile node, and wherein a total number of cache entries that can be 
tagged and thus introduced into the cache by the mobile node is limited. 

23. (New) An apparatus, comprising: 

authentication means for authenticating a mobile node; 

authorization means for authorizing the mobile node to participate in a candidate 
access router discovery procedure; 

caching means for storing neighboring access routers as handover candidates, 
capabilities of the neighboring access routers, and associated access points of the 
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neighboring access routers, wherein access routers are considered neighbors only if they 
comprise access points with overlapping coverage areas; 

wherein the caching means is configured to be populated with a caching means 
entry in response to a handover action of the mobile node, wherein the caching means 
entry concerns a neighboring access router, the capabilities of the neighboring access 
router, and an associated access point from which the mobile node is handed over, and 
wherein the caching means is further configured to tag the caching means entry with 
authentication information of the handover action performing mobile node, and to limit a 
total number of entries that can be tagged and thus introduced into the caching means by 
any given mobile node. 
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